AT&T’s privacy plan may be short-lived and may not even be as bad as we think

AT&T hit a nerve with its privacy-eroding Internet Preferences Plan, which lets customers surf the web at gigabit speeds but also lets the telecom giant see what sites they visit in order to serve up relevant ads. AT&T’s plan may be short-lived, however, if the FCC takes action under its new neutrality rules and, in any case, AT&T may catch less of your web surfing than you fear.

If you’re unfamiliar, the issue arose back in December of 2013 when AT&T launched its GigaPower service in Austin with a footnote in its press release noting that in exchange for giving up their privacy, AT&T gives subscribers a $29 discount. That’s now how AT&T sells its GigaPower plan, which is currently offered in Austin, Texas; Dallas and Fort Worth, Texas; and Raleigh-Durham and Winston-Salem markets; as well as parts of Kansas City, Kansas and Missouri.

But AT&T’s sales pitch deserves a bit more scrutiny. First, the idea that gigabit service should come with a privacy clause that you must opt into by paying an extra fee each month rubs many people the wrong way. (AT&T charges people $70 a month for its privacy-eroding Internet Preferences plan, but $99 a month plus extra fees that eventually totaled $44 a month for a standard plan that lets you surf unseen by Ma Bell.)

The good news is that under Section 222 of Title II of the Communications Act that the FCC recently decided to implement as part of its net neutrality order, the agency can do something about Ma Bell’s plan. Section 222 protects the private information of a customer that carriers are privy to given their position as the providers of telecommunications services, and lays out how that information can be used or shared. It’s not clear if the FCC will choose to implement Section 222, although in the original proposal it has planned on keeping it.

The next question is whether or not the FCC would use it in the case of AT&T’s plan. When I asked the agency, it confirmed that the terms and conditions of any ISP plan would have to be fully disclosed under the FCC’s transparency rules, and Section 222 will require broadband Internet access providers to protect the privacy of their customers. Cynics suggest that the net neutrality ruling took all of the political capital that the agency had, and now it will settle back into complacency, but I suspect that Wheeler has actually shifted his mindset entirely.

And if he has gone to seeing the Internet as a consumer sees it, then my gut says his agency couldn’t ignore a plan like this, especially if a consumer or consumer group filed complaints over AT&T’s plans. Wheeler would very likely take issue with the likely use of deep packet inspection by AT&T to watch where its customers are surfing, and use of economic incentives to essentially coerce customers into accepting this plan.

But, in the meantime, let’s take a look at what AT&T says about its plan to see how bad it really is. I asked AT&T if it was using deep packet inspection, which is the same tool that NebuAd and Phorm tried to use in 2008 here in the U.S. and led to a Congressional hearing. AT&T’s response was evasive.

“As we said last time, we may use various methods to collect web browsing information, with clear customer consent for Internet Preferences.”

Note that, under AT&T’s own terms and conditions of the plan, it’s unclear how much of your web surfing Ma Bell can actually track in the first place since more sites have begun using the secure https protocol.

No matter what AT&T is using, it is clear that it will not collect information from secure web sites that use https. When I asked, the spokesman replied: “We are not collecting information from secure or otherwise encrypted web sites.” This is actually helpful, because today, more sites outside of the traditional banks and e-commerce shopping carts are using https including Twitter, Google, Yahoo, Bing and Facebook. One reason might be because Google last year let the world know it would use https as a factor when determining how highly a page ranks in its search algorithms.

Still, large portions of the web, from Amazon’s general shopping pages to Wikipedia, as well as many major media sites are not using https, which can cost a lot of time and effort to implement. So while you perform a search from many of the major search engines (including Duck Duck Go for the truly privacy conscious) you might avoid AT&T’s prying eyes under the plan, but once you land on a non-https page you’ll be back under its scrutiny.

To truly solve the issue, you can pay more and hope that your packets somehow avoid AT&T’s packet sniffing (or are you just avoiding the advertising emails?) or you can write the FCC a letter complaining that AT&T’s Internet Preference Plan invades your privacy in a way you think violates Section 222 of Title II. Or maybe you can hope John Oliver picks up on this story and calls Tom Wheeler a dingo again.

Updated: This post was updated on March 4 to add more cities with GigaPower availability.

Activists vow to defeat Iran’s Internet censorship

Iran is tightening its grip on the Internet before Friday’s parliamentary elections, but activists from Tor and related projects vow to keep up the free flow of information. That’s the best thing the world can do for the country, says the founder of Iran’s Reddit.

The tablet boom: Great for Wi-Fi, but not for carriers

Sandvine has some interesting New Year’s predictions about how tablets will intersect with the wacky world of mobile broadband. While new family data plans will encourage more consumers to connect their tablets to 3G and 4G networks, they will be awfully careful with their usage.

Packet Inspector Kindsight: We’re the Google of Web Security

Kindsight’s efforts to pair deep packet inspection for PC security with targeted behavioral ads will serve as a good test to see how well it can utilize the controversial DPI technology and make it attractive to consumers concerned about maintaining their privacy.

Deep Packet Inspection Circles Back for a Second Look

Deep packet inspection, a creepy targeting technology, is looking to make a comeback, this time armed with opt-in consent and incentives for users. The technology fell out of favor a couple years ago after ISPs tried to use it to target subscribers with ads.

BT Dumps Phorm, But ISPs Have No Plans to Dump Ads

BT, the UK’s largest ISP, has decided to cut ties with Phorm, the deep packet inspection company that offered ISPs a way of targeting advertisements based on where their subscribers surfed on the web. When the relationship between the two was first made public last year, a privacy brouhaha ensued that led some other ISPs to distance themselves from the controversial technology, especially in the U.S. The European Commission got involved after folks in the UK discovered that in 2006 and 2007, BT had conducted secret pilots of the Phorm technology that had some customers feeling spied upon. Talk Talk and Virgin Media are still eyeing Phorm’s technology, although neither has seemed as enthusiastic as BT.

The Government Wants to Spy on Your Packets

Hold onto your tinfoil hats because the government is seeking to chip away at your online privacy through the use of deep packet inspection. Despite what I’m about to tell you, there are good uses of this technology when it comes to managing and monitoring a network. So don’t shoot the technology, but feel free to take potshots at those trying to use it to suggest that ISPs monitor your surfing habits for illegal images, even those including child pornography.